Amnesty International published a report detailing a chain of three zero-day vulnerabilities developed by phone-unlocking company Cellebrite, which its researchers found after investigating the hack of a student protester's phone in Serbia. The flaws were found in the core Linux USB kernel, meaning the vulnerability is not limited to a particular device or vendor and could impact over a billion Android devices. Google's anti-hacking unit Threat Analysis Group identified and fixed the three separate flaws after Amnesty shared its findings. Cellebrite announced that it had stopped its Serbian customer from using its technology following the allegations of abuse uncovered by Amnesty.